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REMARKS " 

The Applicants and the undersigned thank Examiner Shaw for his careful review of this 
application. After entry of this Amendment, Claims 1-5, 7-13, 15-17, 19-27, 29-36, and 38-45 
axe pending in the present application, with Claims 1, 13, 22, 30, and 39 being independent. 
Applicants have amended Claims 1. 13, 22, 24, 30, 33, 39, and 40 herein. Applicants have 
canceled Claims 6, 14, 18, 28, and 37 herein without prejudice to or disclaimer of the subject 
matter therein. No new matter has been added. 

Consideration of the present application is respectfully requested in light of the above 
amendments to the application and in view of the following remarks. 

Su mmary of Telephonic Intervi ew of August 4. 2006 

The Applicants and the undersigned thank the Examiner for his time and consideration 
given during the telephonic interview of August 4, 2006. During this telephonic interview, 
proposed amendments to the claims were discussed. 

The Applicants' representative explained that the prior art of record, especially U.S. 
Patent No. 6,467,002 issued to Yang, (hereinafter the "Yang" reference) does not provide any 
teaching of assigning an asset value for the element, wherein the asset value indicates the relative 
importance of the element in the network, as recited in amended independent Claims 1, 13, 22, 
30, and 39. 

The focus of the interview was to make sure that Examiner Shaw was comfortable with 
the new language of the claims and that he understood what inventive features the Applicants are 
trying to claim. Examiner Shaw acknowledged the changes and that he understood the new 
language. Furthermore, Examiner Shaw stated that he would conduct an updated search on the 
technology when the Applicants submit a formal amendment containing the claims as discussed 
during the telephonic interview. 

Examiner Shaw also expressed some concern regarding the language of "more thorough- 
included in independent Claim 1 with respect to 35 U.S.C. § 112, 2 rtd paragraph. The 
Applicants' representative acknowledged the Examiner's concern and have addressed the issue 
below with a claim amendment. 
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The Applicants and the undersigned request Examiner Shaw to review this interview 
summary and to approve it by writing "Interview Record OK" along with his initials and the date 
next to this summary in the margin as discussed in MPEP § 713,04. 

Claim Rejections 

In the Office Action dated March 7, 2006, the Examiner rejected Claims 1-45 under 35 
U.S.C. § 103(a). Specifically: 

• The Examiner rejected Claims 30, 32, 34-35, and 38 under 35 U.S.C § 103(a) as 
allegedly being obvious over Proctor, U.S. Patent No. 6,530,024 (hereinafter the 
"Proctor reference"), and further in view of Gleichauf et al, U.S. Patent No. 6,301 ,668 
(hereinafter the "Gleichauf reference") and Kingsford et al., U.S. Patent No. 
6,574,737 (hereinafter the "Kingsford reference"). 

• The Examiner rejected Claim 3 1 under 35 U.S.C. § 103(a) as being obvious over the 
Proctor reference, Gleichauf reference, and Kingsford reference as applied to Claim 
30, and further in view of Hartley et al, U.S. Patent No. 6,889,168 (hereinafter the 
"Hartley reference"). 

• The Examiner rejected Claims 1 -2, 4-5, 9, 1 1-15, 17, 20-23, 25-26, 28-29, 39, 42-45 
as being obvious over the Proctor reference and further in view of the Gleichauf 
reference, Kingsford reference, and Hartley reference. 

• The Examiner rejected Claim 33 under 35 U.S.C. § 103(a) as being obvious over the 
Proctor reference, Gleichauf reference, and Kingsford reference as applied to Claim 
30, and further in view of Yang, U.S. Patent No. 6,467,002 (hereinafter the "Yang 
reference"). 

• The Examiner rejected Claims 3, 16, 27, and 41 under 35 U.S.C. § 103(a) as being 
obvious over the Proctor reference, Gleichauf reference, Kingsford reference, and 
Hartley reference as applied to Claims 1, 13, 22, and 29, and further in view of 
Brabson et a], U.S. Patent No. 5,715,395 (hereinafter the "Brabson reference"). 

• The Examiner rejected Claim 36 under 35 U.S.C § 103(a) as being obvious over the 
Proctor reference, Gleichauf reference, and Kingsford reference as applied to Claim 
30, and further in view of the Hartley reference and the Brabson reference. 
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• The Examiner rejected Claims 6-8, 18, 24, and 40 under 35 U.S.C. § 103(a) as being 
obvious over the Proctor reference, Gleichauf reference, Kingsford reference, and 
Hartley reference as applied to Claims 1,13, 22, and 39, and further in view of the 
Yang reference. 

• Lastly, the Examiner rejected Claims 10 and 19 under 35 U.S.C. § 103(a) as being 
obvious over the Proctor reference, Gleichauf reference, Kingsford reference, and 
Hartley reference as applied to Claims 1 and 13, and further in view of Barroux, U.S. 
Patent No. 6,220,768 (hereinafter the "Barroux reference"). 

The Applicants respectfully offer remarks to traverse these rejections. The Applicants 
will address each independent claim separately as the Applicants believes that each independent 
claim is separately patentable over the prior art of record. 

Independent Claim 1 

The rejection of Claim 1 is respectfully traversed. It is respectfully submitted that the 
combination of the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux 
references fails to describe, teach, or suggest: (1) conducting a discovery scan to identify an 
element of the computer network and determine the element's functions and assigning an asset 
value for the element, wherein the asset value indicates the relative importance of the element in 
the network; (2) configuring an audit scan to perform on the element, wherein the audit scan is a 
braoder scan than the discovery scan; (3) scheduling a time to perform the audit scan on the 
element; (4) running the audit scan of the element at the scheduled time; (5) calculating a 
security score for the element based on the audit scan by summing one or more vulnerabilities 
associated with the element; and (6) scheduling another time to repeat the audit scan on the 
element, the scheduling based on the results of the audit scan and the security score, as recited in 
amended independent Claim 1. 

The Proctor Referenra 

The Proctor reference describes a system and method for managing security incidents in a 
computing environment that uses adaptive feedback to update security procedures in response to 
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detected security- incidents. The system and method can define security procedures, which can 
include one or more policies, and implement these security procedures on one or more 
computing systems in me computing environment. The system and method monitor* activities in 
the environment and detects security incidents using the implemented security procedures. When 
a security incident is detected, the security procedures are updated in response to the detected 
security incident and implemented on one or more systems in the computing environment. 

The Proctor reference fails to teach calculating a security score for the element based on 
the audit scan by summing one or more vulnerabilities associated with the element. Proctor 
teaches that in accordance with the audit policy, one or more event log files can be generated and 
recorded indicating the various auditedactivities occurring within the target. See Col. 11, lines 
30-33 and Step 1046 in Figure 10 of the Proctor reference below. 

Next, Proctor teaches an implemented collection policy that results in the collection of 
records in event log files at the scheduled intervals. See Col. 11, lines 38^1 and Step 1048 in 
Figure 10 of the Proctor reference below. The collected records can then be provided to the 
security system for analysis, refetred to as a security assessment. The security assessment can be 
performed based on the audited activities that have been recorded in event log files. See Col. 1 1, 
lines 41-45 and Step 1052 in Figure 10 of the Proctor reference below. 

Finally, Proctor teaches that the security assessment determines whether an actual, 
attempted or potential security breach has occurred or is occurring. In response to determining 
that a security breach has occurred, one or more policy updates can be made to one or more of 
the audit policy, collection policy and detection policy. See Col, 11, lines 49-53 and Step 1054 
of Figure 10 of the Proctor reference below. 



[SET POLICIES F OR COMPUTING ENVIRONMENT!- 1 044 
i CREATE 6VEMTLOG RLE} — 1046 
[ COU^CT RECORDS FROMEVENT LOgT - 1 * 0*8 
[PERFORM SECURITY 1 ASSESSMENT"!— 1 052 
I UPDATE SECURITY PROCEDURES! — 1 os * 

FIG. 10 
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To one of ordinary skill in .ho art, too collection of event log files to petfonn a secunry 
assessment ia no, the same as calculating a security score fo, the .lemon, oasrf on tie audi, scan 
by summits one or more vulnerabilities associated with toe elemem, as recheu by amended 

Claim 1 of the present application. 

in the Office Action, the Examiner admitted that Proctor reference fails to teach or 
suggest all the features as set forth in amended independent Claim 1 . Specifically, the Exammer 
admits that Proctor fails to teach conducting a discovery scan to identify an element of the 
computer network and determine the element's functions and assigning an asset value for the 
element, wherein the asset value indicates the relative importance of the element in the network; 
scheduling a time to perform the audit scan on the element; and scheduling another time to repeat 
me audit scan on the element, the scheduling based on the results of the audit scan and the 
security score. For these features, the Examiner relied on the Hartley, Gleichauf, Yang, and 
Kingsford references as discussed below. 

The Hartley Ctleichauf References 

In the Office Action, the Examiner stated that the Pioctor reference does not expressly 
disclose the scheduling feature regarding to the audit scan. For that feature, the Examiner relied 
on the Hartley reference for disclosing a scheduling module which is used for specifying the hme 
of conducting security modules. Furthermore, the Examiner relied on Gleichauf to teach that the 
scanning process can be repeated and for conducting a discovery scan to identify an element of 
the computer network and detennine the element's functions. However, the Hartley and 
Gleichauf references, either alone or in combination, fail to teach scheduling another time to 
repeat the audit scan on the element, the scheduling based on the results of the audit scan and the 
security score. Furthermore, the Hartley and Gleichauf references fail to teach calculating a 
security score for the element based on the audit scan by summing one or more vulnerabilities 
associated with the element. Finally, the Hartley and Gleichauf references fail to teach assigning 
an asset value for the element, wherein the asset value indicates the relative importance of the 
element in the network. 
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The Hartley Reference 

As noted above, the Examiner relied on the Hartley reference for disclosing a scheduling 
module which is used for specifying the time of conducting security modules. In general, the 
Hartley Reference describes a method and apparatus that can perform a security analysis on a 
computer system to identify, notify, and possibly correct, vulnerabilities and discrepancies. 

However, the Hartley reference fails to teach scheduling another time to repeat the audit 
scan on the element, the scheduling based on the results of the audit scan and the security score, 
as recited by amended Claim 1 of the present application. Instead, Hartley discloses a schedule 
module that can provide the functionality to run security checks at predetermined intervals. The 
checks can be scheduled to run at specific designated times as well as at regular intervals such as 
monthly or weekly. The schedule module of Hartley can further provide the flexibility to run 
individual security modules or all tests. See Col. 7, lines 9-14 of the Hartley reference. 

Furthermore, in contrast to the invention of amended Claim 1, the Hartley system does 
not calculate a security score for the element based on the audit scan by summing one or more 
vulnerabilities associated with the element nor does the Hartley system teach the step of 
conducting a discovery scan to identify an element of the computer network and determine the 
element's functions and assigning an asset value for the element, wherein the asset value 
indicates the relative importance of the element in the network. 

The Gleichauf Reference 

As noted above, the Examiner relied on the Gleichauf reference to teach that the scanning 
process can be repeated and conducting a discovery scan to identify an element of the computer 
network and determine the element's functions, hx general, the Gleichauf references describes a 
method and system for adaptive network security using network vulnerability assessment. 

However, the Gleichauf reference fails to teach scheduling another time to repeat the 
audit scan on the element, the scheduling based on the results of the audit scan and the security 
score, as recited by amended Claim 1 of the present application. Instead, Gleichauf discloses a 
system where as the network information drives the services performed by the security system, 
the security system is able to configure and reconfigure itself as the networic dynamics dictate. 
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Fu^armore, if the system determines that the scanning step? should be repeated, it returns to 
obtain updated network information, and the method is repeated. See Col. 9, lines 8-13. 

The Gleichauf reference also fails to teach assigning an asset value for the element, 
wherein the asset value indicates the relative importance of the element in the network. On p. 34 
of the non-final Office Action, the Examiner expressly states that "Gleichauf et al. [does] not 
expressly disclose assigning an asset value for the element, wherein the asset value indicates the 
relative importance of the element in the network." 

Furthermore, in contrast to the invention of amended Claim 1, the Gleichauf system does 
not calculate a security score for the element based on the audit scan by summing one or more 
vulnerabilities associated with the element. 

The Yang Reference 

As noted above, the Examiner relied on the Gleichauf reference for disclosing the step of 
conducting a discovery scan to identify an element of the computer network and determine the 
element's functions. However, the Examiner noted that Gleichauf failed to disclose assigning an 
asset value for the element, wherein the asset value indicates the relative importance of the 
element in the network, as recited in amended independent Claim 1. For this feature, the 
Examiner relied on the Yang reference. 

In general, Yang discloses a method and system for priority arbitration in a computer 
environment having a shared resource capable of servicing a plurality of devices. Yang can 
assign an initial priority order to the plurality of devices such that those devices have priorities 
which are distinct. Next, the system can identify those of the plurality of devices which have 
issued service requests to the shared resource in a first clock cycle as requesting devices. 
Provided that there are more than one requesting device in the first clock cycle, the system can 
select one of the requesting devices to be serviced by the shared resource in a second clock cycle 
following the first clock cycle, where the selected device has the highest of the priorities among 
the requesting devices based on the initial priority order. The system can also reassign the 
priorities among the plurality of devices such that the selected device is assigned the lowest one 
of the priorities. See Col. 2, line 33 to Col. 3, line 4. 
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... _ **nie Examiner notes that "Yang discloses a priority assignment module for assigning 
priority values to various devices in the network environment." See non-final Office Action p. 
34. However, the Yang reference fails to teach conducting a discovery scan to identify an 
element of the computer network and determine the elements functions and assigning an asset 
value for the element, wherein the asset value indicates the relative importance of the element in 
the network, as recited in amended Claim 1. Instead, Yang discloses a system that assigns a 
priority to network devices so that "each device is assured of the opportunity to gain access to 
the shared resource with substantially equal likelihood." See CoL 6, lines 57-59. The 
assignment of the initial priority order among devices is performed upon a power on reset or 
other disruptive events which necessitate a re-initialization of the priority order. See Col, 5, lines 
64-67. Furthermore, after a network device gains access to the shared resource, the system of 
Yang can reassign the priority values to allow another device access to the shared resource. See 
Col. 6, lines 48-65, 

Therefore, the "priority order" of Yang is different from the "asset value" as recited in 
amended independent Claim 1. The "priority order" of Yang is not based on the relative 
importance of the element in the network environment. Instead, Yang randomly assigns a value 
to each network device to promote a fair system for granting access to the shared resource to 
prevent conflicts that may arise as multiple devices attempt to access the shared resource. 
Subsequently, all of the devices in Yang may eventually be assigned the highest priority value to 
access the shared resource. Therefore, the assignment in Yang is merely arbitrary and not at all 
based on the relative importance of the network device. 

Furthermore, in contrast to the invention of amended Claim 1, the Yang system does not 
calculate a security score for the element based on the audit scan by summing one or more 
vulnerabilities associated with the element. 

The Kinesford Reference 

The Examiner relies on the KingsfoTd reference to disclose by summing one or more 
vulnerabilities associated with the network element. In general, the Kingsford reference 
describes a method and system that can perform a penetration test to discover vulnerabilities in a 
network by using scan modules. 
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However, the Kingsford reference fails to teach calculating a security score for the 
element based on the audit scan by summing one or more vulnerabilities associated with the 
element as recited in Claim 1 of the present application. Instead, Kingsford discloses storing 
information in a data record where vulnerabilities are assigned a risk value on a scale of 1-100, 
with 1-33 being low risk, 34-66 being medium risk, and 67-100 being high risk. Subsequently, 
the system's risk and/or a collective risk profile can be displayed to the user on the user interface. 
See Col. 19, lines 37-50. Kingsford also discloses that reports can be generated that contain "a 
high level summary of the scan; a chart showing the number of high-, medium-, and low-risk 
vulnerabilities; an index of network resources discovered; a list of network resources along with 
all vulnerabilities associated with that resource; an index of vulnerabilities discovered; a list of 
vulnerabilities along with all resources found to have that vulnerability; the objective tree, along 
with the number of times each objective was met." See Col. 20, lines 13-20. 

Therefore, the system of Kingsford merely discloses assigning a risk value based on a 
three-tiered range and then displaying that value to the user on a user interface or through a 
report. Kingsford does not teach calculating a security score element based on the audit scan by 
summing one or more vulnerabilities associated with the element, as recited in independent 
Claim 1. 

Furthermore, in contrast to the invention of amended Claim 1, the Kingsford reference 
does not teach the step of conducting a discovery scan to identify an element of the computer 
network and determine the element's functions and assigning an asset value for the element, 
wherein the asset value indicates the relative importance of the element in the network. 

The Brabson and Barroux References 

The Examiner further relies on the Brabson and Bairoux references to teach certain 
features recited in the dependent claims that rely on Independent Claim 1 . However, Applicant 
further submits that the Brabson and Barroux references fail to teach or suggest at least the 
features as set forth in amended independent Claim 1. 

Brabson discloses an apparatus and method for reducing resource location traffic in a 
computer network. The reduction in location traffic is obtained when a node which has initiated 
a search for a resource which cannot be found starts a timing cycle interval during which 
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subsequent initiating requests at the node are automatically failed without performing the 
network search. This method can reduce network traffic for searches that are likely to fail. 
Furthermore, Brabson discloses a threshold counter that alleviates possible difficulties that the 
above method may cause for high demand resources. The threshold counter can be incremented 
each time a search for a specific resource is automatically failed. A network search is performed 
when either the interval expires or the threshold counter exceeds a threshold count. 

Barroux discloses a method and apparatus for automatically surveying a network. The 
method of surveying a network can include the steps of sending a plurality of SNMP variable 
value requests via a network where each of the plurality of requests are addressed to a different 
address in a range of address space; receiving a plurality of replies to the plurality of requests 
where each of the replies originate from a different address in the range; extracting information 
from each of the replies where the information characterizing assets at the nodes receiving the 
plurality of messages and generating the replies; and developing from the extracted information 
an asset database characterizing a current configuration of assets at the nodes generating the 
replies. 



Summary for Analysis of Indepen dent Claim 1 Ppj ^Hnr, 

In light of the differences between amended independent Claim 1 and the Proctor, 
Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, Applicant submits that 
the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, either alone 
or in combination, fail to teach or suggest at least the features as set forth in amended 
independent Claim 1. Applicant further submits that none of the other documents cited by the 
Examiner teach or suggest those features. Accordingly, Applicant respectfully requests 
reconsideration and withdrawal of the rejection of Claim 1 . 

"More Thorough" Claim Language 

As indicated above, the Examiner Shaw expressed concern regarding the language of 
"more thorough" included in independent Claim 1 with respect to 35 U.S.C. § 1 12, 2 nd paragraph 
during the telephonic interview on August 4, 2006. To address the Examiner's concern, the 
Applicants have further amended independent Claim I with respect to this language. 
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Independent Claim 13 

The rejection of Claim 13 is respectfully traversed. It is respectfully submitted that the 
combination of the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux 
references fails to describe, teach, or suggest: (1) conducting a discovery scan to identify an 
element of the computer network and assigning an asset value for the element, wherein the asset 
value indicates the relative importance of the element in the network; (2) configuring an audit 
scan to perform on the element and assigning an asset value for the element, wherein the asset 
value indicates the relative importance of the element in the network; (3) scheduling a time to 
perform the audit scan on the element; (4) running the audit scan at the scheduled time on the 
element; and (5) calculating a security score for the element based on the audit scan by summing 
one or more vulnerabilities associated with the element, as recited in amended independent 
Claim 13. 

Similar to the analysis of independent Claim 1, the Proctor reference fails to address 
conducting a discovery scan to identify an element of the computer network and assigning an 
asset value for the element, wherein the asset value indicates the relative importance of the 
element in the network, as recited in amended independent Claim 13. 

In light of the differences between amended independent Claim 13 and the Proctor, 
Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, Applicant submits that 
the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, either alone 
or in combination, fail to teach or suggest at least the features as set forth in amended 
independent Claim 13. Applicant further submits that none of the other documents cited by the 
Examiner teach or suggest those features. Accordingly, Applicant respectfully requests 
reconsideration and withdrawal of the rejection of Claim 13. 

Independent Claim 22 

The rejection of Claim 22 is respectfully traversed. It is respectfully submitted that the 
combination of the Proctor, Hartley, Kingsford, Gleichauf Yang, Brabson, and Barroux 
references fails to describe, teach, or suggest: (1) receiving an initial scan identifying a network 
element and the function of the network element and assigning an asset value for the network 
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element, wherein the asset value indicates" theTelative importance of the network element in the 
network; (2) selecting an audit scan to perform on the network element, the selection based on 
^ initial scan ' wnerein * e audi t scan is broader than the initial scan; (3) scheduling the audit 
scan to perform on the network element; (4) performing the audit scan on the network element at 
the scheduled time; (5) receiving data from the selected audit scan of the network element; and 
(6) computing a security score for the network element from the selected audit scan by summing 
one or more vulnerabilities associated with the network element, as recited in amended 
independent Claim 22. 

Similar to the analysis of independent Claim 1, the Proctor reference fails to address 
receiving an initial scan identifying a network element and the function of the network element 
and assigning an asset value for the network element, wherein the asset value indicates the 
relative importance of the network element in the network, as recited in amended independent 
Claim 22. 

In light of the differences between amended independent Claim 22 and the Proctor, 
Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, Applicant submits that 
the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, either alone 
or in combination, fail to teach or suggest at least the features as set forth in amended 
independent Claim 22. Applicant further submits that none of the other documents cited by the 
Examiner teach or suggest those features. Accordingly, Applicant respectfully requests 
reconsideration and withdrawal of the rejection of Claim 22. 

Furthermore, similar to independent Claim 1, Claim 22 included the language of "more 
thorough" with which the Examiner expressed concern about during the telephonic interview on 
August 4, 2006. To address the Examiner's concern, the Applicants have further amended 
independent Claim 22 with respect to this language. 

Independent Tlaim 1ft 

The rejection of Claim 30 is respectfully traversed. It is respectfully submitted that the 
combination of rhe Proctor, Hartley, Kingsford, Glerchauf, Yang, Brabson, and Barroux 
references fails to describe, teach, or suggest: (1) receiving an initial scan identifying a network 
element and assigning an asset value for the network element, wherein the asset value indicates 
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the relative importance of the network element" in the network; (2) selecting an audit scan to 
perform on the network element, said selection based on the initial scan; (2) performing the 
selected audit scan on the network; (3) receiving data from the selected audit scan of the network 
element; and (4) computing a security score for the network element from the selected audit scan 
by summing one or more vulnerabilities associated with the network element, as recited in 
amended independent Claim 30. 

Similar to the analysis of independent Claim 1, the Proctor reference fails to address 
receiving an initial scan identifying a network element and assigning an asset value for the 
network element, wherein the asset value indicates the relative importance of the network 
element in the network, as recited in amended independent Claim 30. 

In light of the differences between amended independent Claim 30 and the Proctor, 
Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, Applicant submits that 
the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, either alone 
or in combination, fail to teach or suggest at least the features as set forth in amended 
independent Claim 30. Applicant further submits that none of the other documents cited by the 
Examiner teach or suggest those features. Accordingly, Applicant respectfully requests 
reconsideration and withdrawal of the rejection of Claim 30. 

Independent Claim 39 

The rejection of Claim 39 is respectfully traversed. It is respectfully submitted that the 
combination of the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux 
references fails to describe, teach, or suggest: (1) the computer network; (2) a security audit 
system operable for conducting a discovery scan to identify an element of the computer network 
and assigning an asset value for the element, wherein the asset value indicates the relative 
importance of the element in the network, configuring and scheduling an audit scan of the 
element, and computing a security score for the network element from the selected audit scan by 
summing one or more vulnerabilities associated with the network element; and (3) a console 
operable for receiving information from the security audit system and transmitting information to 
the security audit system about the discovery scan and the audit scan, as recited in amended 
independent Claim 39. 
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Similar to the analysis of mdependehf Claim 1, the Proctor reference fails to address a a 
security audit system operable for conducting a discovery scan to identify an element of the 
computer network and assigning an asset value for the element, wherein the asset value indicates 
the relative importance of the element in the network, as recited in amended independent Claim 
39. 

In light of the differences between amended independent Claim 39 and the Proctor, 
Hartley, Kingsford, Gleichauf, Yang, Brabson, and Barroux references, Applicant submits that 
the Proctor, Hartley, Kingsford, Gleichauf, Yang, Brabson, and Banoux references, either alone 
or in combination, fail to teach or suggest at least the features as set forth in amended 
independent Claim 39. Applicant further submits that none of the other documents cited by the 
Examiner teach or suggest those features. Accordingly, Applicant respectfully requests 
reconsideration and withdrawal of the rejection of Claim 39. 

Depend ent Claims 2-5, 7-12. 15-17. 19-21. 23-27. 29. 31-36 38, and 4(M5 

The Applicants respectfully submit that the above-identified dependent claims are 

allowable because the independent claims from which they depend are patentable over the cited 

prior art reference. The Applicants also respectfully submit that the recitations of these 

dependent claims are of patentable significance. 

In view of the foregoing, the Applicants respectfully request that the Examiner withdraw 

the pending rejections of dependent Claims 2-5, 7-12, 15-17, 19-21, 23-27, 29, 31-36, 38, and 

40-45. 



-25- 



PAGE 30/31 * RCVD AT 8/7/2006 2:58:43 PM [Eastern Daylight Time]* SVR:USPTO-EFXRF-5/14 * DNIS:273830t>* CSID:404 572 5134 * DURATION (mm-ss):08-18 



AUG 07 2006 15:10 FR KING AND SPALDING 404 572 5134 TO 344380545BS 1 0500 P. 31 



- ' - • - - 



. .--i, |f jirf 1 ■' ----- - 



Application No. 10/066,367 



CONCLUSION 



Applicants submit the foregoing as a &ll_and complete response to the Non-Final Office 
Action dated March 7, 2006. The Applicants and the undersigned thank Examiner Shaw for 
consideration of these remarks. Applicants submit that this Amendment places the application in 
condition for allowance and respectfully request such action. 

If any issues exist that can be resolved with an Examiner's Amendment or a telephone 
conference, please contact the undersigned at 404.572.4647. 



KING & SPALDING LLP 

1 1 80 Peachtree Street, 34 ,h Floor 

Atlanta, Georgia 30309-3521 

(404) 572-4600 

K&S Docket: 05456.105009 
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Respectfully submitted, 




Kerry L. Broome 
Reg. No. 54,004 
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